Virtual IP route issue?



  • Hi There

    I am using pfSense 2.2.5

    My LAN subnet is 192.168.1.0/24.  I have added a virtual IP to the LAN interface of 10.10.10.1 with mask of /24.  The WAN interface is 192.168.99.0/24 (test) and there is no NAT set up between the 10.10.10.* range and WAN.  I have a rule to allow all ICMP from any source/destination.  Host in 10.10.10.* range has gateway of 10.10.10.1 which is the Virtual IP added to the LAN interface.

    Currently, I am unable to ping from a host in the 10.10.10.* subnet to a host in 192.168.99.* - am I missing some obvious reason why this won't work?

    If I look at the firewall log I can see ICMP traffic allowed from the 10.10.10.* host, but the ping has no reply.

    Thanks in advance for any advice
    Peter



  • What type of VIP are you using?  Some must be in the same subnet as the interface that's assuming them.

    https://doc.pfsense.org/index.php/What_are_Virtual_IP_Addresses



  • I'm using the IP Alias type - hosts are in the 10.10.10.0/24 and the virtual IP is 10.10.10.1

    Is that what you mean?



  • Yes.  I'll see if I can find time to simulate this this afternoon.



  • That's much appreciated - thank you



  • OK, I just whipped it up in my ESXi lab.  Works fine for me.

    WAN: 10.10.20.1/16
    LAN: 192.168.20.1/24
    DMZ: 172.16.20.1/24
    VIP: 172.16.30.1/24

    Lubuntu box @ 172.16.30.10 can ping other Lubuntu box @ 192.168.20.10.

    Maybe something burped and you should delete and recreate that VIP.  Also, you might have a rules issue so perhaps post your LAN rules.

